Scribd Logo
Upload

Welcome to Scribd!

  • 4G Network

    Uploaded by

    yekoyesew
    106 views26 pages

    Original Title

    4G network.ppt

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    106 views26 pages

    4G Network

    Uploaded by

    yekoyesew

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 26

    Long Term Evolution

    and
    its security infrastructure

    Fataneh Safavieh
    Mobile security Seminar,Bit,07.02.2011
    Outline

    Introduction: some history &background


    What is LTE?
    LTE-SAE Security: some highlights
    Home(e)Node B Security

    2
    Introduction:
    some history & background

    3
    Mobile Evolution
    Improvements in mobile communication
    technology during the last two decades
    The Mobile Broadband is as important as Internt

    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
    4
    User Expectations
    Highly desire of broadband acces everywhere
    1. Home, Office
    2. Train, Aeroplane, Canteen, during the Breake
    Ubiquity (anywhere, anytime)
    Higher voice quality
    Higher speed
    Lower prices
    Multitude of services

    5
    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
    3GPP
    The 3rd generation partnership project

    A global partnership of six SDOs:

    1. Europe ETSI
    2. USA ATIS
    3. China CCSA
    4. Japan ARIB & TTC
    5. Korea TTA

    LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker 6


    What is LTE?

    7
    What is LTE?
    The latest standard in the mobile network
    technology tree
    A project of 3GPP & mainly built on 3GPP
    cellular systems family
    May be referred as E-UTRA & E-UTRAN
    Has advanced new radio interface
    Circuit switched networksall-IP networks
    Broadband connectivity on the move
    100Mbps(DL), 50Mbps(UL), ~10 ms Latency
    8
    UMTS and LTE architecture

    Extract from Towards Global Mobile Broadband 9


    A White Paper from the UMTS Forum
    LTE key features
    High Spectral Efficiency more customers, less
    costs
    Co-existence with other standards
    Flexible radio planning (cell size of 5km30/100km)
    Reduced Latency less RTT, multi-player gaming,
    audio/video conferencing
    Reduced costs for operators (OPEX & CAPEX)
    Increased data rates via enhanced air interface
    (OFDMA,SC-FDMA,MIMO)
    All-IP environment SAE or EPC

    key advantages of SAE 10


    LTE-SAE Security:
    some highlights

    11
    Security in the LTE-SAE Network

    Security features in the network (from TS 33.401- Fig.4-1) 12


    Security features in the LTE-SAE
    Network
    Five security feature groups defined in TS 33.401

    (I): Network access security


    provides users with secure access to services
    protects against attacks on the access interface
    (II): Network domain security
    enables nodes to exchange signaling- & user- data securely
    protects against attacks on the wire line network
    (III): User domain security
    Provides secure access to mobile stations
    (IV): Application domain security
    enables applications in the user & provider domains to exchnage messages securely
    (V): Visibility and configurability of security
    allows the users to learn whether a security feature is in operation

    13
    Authentication & key agreement

    HSS generates authentication data and provides it to MME


    Challenge-response authentication and key agreement
    procedure between MME and UE

    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009 15


    Confidentiality & integrity of
    signaling

    RRC signaling between UE and E-UTRAN


    NAS signaling between UE and MME
    S1 interface signaling
    protection is not UE-specific
    optional to use
    4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009 16
    User plane confidentiality

    S1-U protection is not UE-specific


    (Enhanced) network domain security mechanisms (based on IPsec)
    Optional to use
    Integrity is not protected for various reasons, e.g.:
    performance
    limited protection for application layer

    4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009 17


    Cryptographic network separation

    Key hierarchy (TS 33.401 - Figure 6.2-1) 18


    Cryptographic network separation
    Authentication vectors are specific to the serving network
    AVs usable in UTRAN/GERAN cannot be used in
    EPS
    AVs usable for UTRAN/GERAN access cannot be used
    for EUTRAN access
    Solution by a separation bit
    Rel-99 USIM is still sufficient for EPS access
    ME has to check the separation bit (when
    accessing E-UTRAN)

    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009


    19
    Home (e) Node B Security

    21
    System architecture of H(e)NB

    Operators
    UE HNB insecure SeGW core
    link network

    E-UTRAN air interface between UE and HeNB


    HeNB accesses operators core network via a Security Gateway
    The backhaul between HeNB and SeGW may be insecure
    Operators core network performs mutual authentication with HeNB
    via SeGW
    Security tunnel between HeNB and SeGW to protect information
    transmitted in backhaul link

    22
    Figure from draft TR 33.820
    Common threats to H(e)NB
    1. Physical tampering with H(e)NB
    2. Fraudulent software update / configuration
    changes
    3. Denial of service attacks against core network
    4. Eavesdropping of the other users UTRAN or
    E-UTRAN user data
    5. User cloning the H(e)NB authentication Token

    From TR 33.820

    23
    Security requirements to H(e)NB
    1. Unprotected data should never leave a secure domain inside
    H(e)NB
    2. Software updates and configuration changes for the H(e)NB shall
    be cryptographically signed (by operator or H(e)NB supplier) and
    verified configuration changes shall be authorized by H(e)NB
    operator or supplier
    3. Unauthenticated traffic shall be filtered out on the links between
    the core network and the H(e)NB
    4. New users should be required to explicitly confirm their
    acceptance before being joined to an H(e)NB
    5. H(e)NB authentication credentials shall be stored inside a secure
    domain i.e. from which outsider cannot retrieve or clone the
    credentials

    From TR 33.820 24
    References and Resources

    25
    References and Resources
    A Long Term Evolution Downlink inspired channel
    simulator using the SUI 3Channel Model, Thesis of
    Sanjay Kumar Sarkar, August 2009
    LTE The UMTS Long Term Evolution-
    Sesia, Toufik, Baker (WILEY Publication) 2009
    http://www.nsma.org/conf2008/Presentation/2-1045-
    MiyaharaLTE_Overview_NMSA%2021March08_final.pdf
    Towards Global Mobile Broadband A White Paper
    from the UMTS Forum, February 2008
    TS 33.401

    26
    References and Resources

    4th ETSI Security Workshop- Sophia-Antipolis ,


    13-14 January 2009
    TR 33.820
    A Survey of Security Threats on 4G Networks,
    Yongsuk Park and Taejoon Park
    Security in the LTE-SAE Network,
    www.agilent.com/find/lte
    www.3gpp.org
    www.radio-electronics.com
    http://sites.google.com/site/lteencyclopedia
    27
    Thank
    You
    For
    Your
    Attention!
    28

    You might also like